From 8f3a2d54a6d3ffa7eefa13478c67ccfa9a3df513 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Fri, 15 May 1998 01:02:49 +0000
Subject: [PATCH] added "exclude" and "exclude from" options to rsyncd.conf.

This is useful for mirroring a web site when you don't want users to
mirror everything.
---
 clientserver.c |  6 ++++++
 exclude.c      | 22 ++++++++++++++++------
 loadparm.c     |  8 ++++++++
 rsyncd.conf.yo | 15 +++++++++++++++
 4 files changed, 45 insertions(+), 6 deletions(-)

diff --git a/clientserver.c b/clientserver.c
index 8a0ef15d..33e7b444 100644
--- a/clientserver.c
+++ b/clientserver.c
@@ -162,6 +162,12 @@ static int rsync_module(int fd, int i)
 		gid = atoi(p);
 	}
 
+	p = lp_exclude_from(i);
+	add_exclude_file(p, 1);
+
+	p = lp_exclude_from(i);
+	add_exclude_line(p);
+
 	if (chroot(lp_path(i))) {
 		io_printf(fd,"@ERROR: chroot failed\n");
 		return -1;
diff --git a/exclude.c b/exclude.c
index b2831e4a..d5c126fe 100644
--- a/exclude.c
+++ b/exclude.c
@@ -142,7 +142,9 @@ char **make_exclude_list(char *fname,char **list1,int fatal)
 
 void add_exclude_file(char *fname,int fatal)
 {
-  exclude_list = make_exclude_list(fname,exclude_list,fatal);
+	if (!fname || !*fname) return;
+
+	exclude_list = make_exclude_list(fname,exclude_list,fatal);
 }
 
 
@@ -172,6 +174,18 @@ void recv_exclude_list(int f)
 }
 
 
+void add_exclude_line(char *p)
+{
+	char *tok;
+	if (!p || !*p) return;
+	p = strdup(p);
+	if (!p) out_of_memory("add_exclude_line");
+	for (tok=strtok(p," "); tok; tok=strtok(NULL," "))
+		add_exclude(tok);
+	free(p);
+}
+
+
 static char *cvs_ignore_list[] = {
   "RCS","SCCS","CVS","CVS.adm","RCSLOG","cvslog.*",
   "tags","TAGS",".make.state",".nse_depinfo",
@@ -195,9 +209,5 @@ void add_cvs_excludes(void)
     add_exclude_file(fname,0);
   }
 
-  if ((p=getenv("CVSIGNORE"))) {
-    char *tok;
-    for (tok=strtok(p," "); tok; tok=strtok(NULL," "))
-      add_exclude(tok);
-  }
+  add_exclude_line(getenv("CVSIGNORE"));
 }
diff --git a/loadparm.c b/loadparm.c
index 6755c4c9..52fdaa8a 100644
--- a/loadparm.c
+++ b/loadparm.c
@@ -123,6 +123,8 @@ typedef struct
 	char *hosts_deny;
 	char *auth_users;
 	char *secrets_file;
+	char *exclude;
+	char *exclude_from;
 } service;
 
 
@@ -140,6 +142,8 @@ static service sDefault =
 	NULL,    /* hosts deny */
 	NULL,    /* auth users */
 	NULL,    /* secrets file */
+	NULL,    /* exclude */
+	NULL,    /* exclude from */
 };
 
 
@@ -238,6 +242,8 @@ static struct parm_struct parm_table[] =
   {"hosts deny",       P_STRING,  P_LOCAL,  &sDefault.hosts_deny,  NULL,   0},
   {"auth users",       P_STRING,  P_LOCAL,  &sDefault.auth_users,  NULL,   0},
   {"secrets file",     P_STRING,  P_LOCAL,  &sDefault.secrets_file,NULL,   0},
+  {"exclude",          P_STRING,  P_LOCAL,  &sDefault.exclude,     NULL,   0},
+  {"exclude from",     P_STRING,  P_LOCAL,  &sDefault.exclude_from,NULL,   0},
   {NULL,               P_BOOL,    P_NONE,   NULL,                  NULL,   0}
 };
 
@@ -300,6 +306,8 @@ FN_LOCAL_STRING(lp_hosts_allow, hosts_allow)
 FN_LOCAL_STRING(lp_hosts_deny, hosts_deny)
 FN_LOCAL_STRING(lp_auth_users, auth_users)
 FN_LOCAL_STRING(lp_secrets_file, secrets_file)
+FN_LOCAL_STRING(lp_exclude, exclude)
+FN_LOCAL_STRING(lp_exclude_from, exclude_from)
 
 /* local prototypes */
 static int    strwicmp( char *psz1, char *psz2 );
diff --git a/rsyncd.conf.yo b/rsyncd.conf.yo
index a46b9fa0..a7843670 100644
--- a/rsyncd.conf.yo
+++ b/rsyncd.conf.yo
@@ -140,6 +140,21 @@ dit(bf(gid)) The "gid" option specifies the group name or group id that
 file transfers to and from that module should take place as. This
 complements the "uid" option. The default is the group "nobody".
 
+dit(bf(exclude)) The "exclude" option allows you to specify a space
+separated list of patterns to add to the exclude list. This is
+equivalent to the client specifying these patterns with the --exclude
+option. Note that this option is not designed with strong security in
+mind, it is quite possible that a client may find a way to bypass this
+exclude list. If you want to absolutely ensure that certain files
+cannot be accessed then use the uid/gid options in combination with
+file permissions.
+
+dit(bf(exclude from)) The "exclude from" option specifies a filename
+on the server that contains exclude patterns, one per line. This is
+equivalent to the client specifying the --exclude-from option with a
+equivalent file. See also the note about security for the exclude
+option above.
+
 dit(bf(auth users)) The "auth users" option specifies a comma
 and space separated list of usernames that will be allowed to connect
 to this module. The usernames do not need to exist on the local
-- 
2.34.1